CRISAM BSI und GSTOOL Knowledge Pack

The CRISAM® BSI and GSTOOL Knowledge Pack enables the use, evaluation and analysis of the BSI IT Grundschutz catalogues (in German: IT-Grundschutz-Kataloge) for your ISMS. Thanks to CRISAM® GSTOOL Import, existing data can be captured and further used. The BSI IT Grundschutz catalogues are issued by the German Federal Office for Security in Information Technology (BSI) and updated cyclically.

Key features and benefits

  • Contains the latest version of the BSI IT Grundschutz catalogues.
  • Contains the CRISAM® GSTOOL Import to take over existing BSI GSTOOL data for the CRISAM® Risk Management Information System.
  • Contains the BSI compliance analysis report to demonstrate that your ISMS is in conformity with BSI IT Baseline Protection.
  • As a result, the best possible support for preparing and gaining approved certification according to BSI IT Grundschutz catalogue is provided.
  • The integrated mapping allows an immediate analysis of CRISAM® ISMS controls or existing BSI controls.   
  • Available in German.


Basic IT protection according to BSI IT Grundschutz includes standard security measures for typical IT systems with normal protection requirements. The measures required for the implementation of the basic IT protection are put together in measures catalogs.  Measures necessary for the implementation of the basic protection measures are summarized in a catalog of measures. The measures are organized in layers: "infrastructure", "organisation", "personnel", "hardware / software", "communication" and "emergency preparedness". The detection and assessment of vulnerabilities in IT systems is carried out by means of risk analysis with CRISAM® catalogues.  

Figure 1: Shows degree of compliance of CRISAM controls with BSI measures catalogs

Compliance und Reporting

This Knowledge Pack contains the licensed BSI IT Grundschutz catalogues - thus, the compliance with the BSI measures catalogs can be assessed within CRISAM®.

Figure 2: Spider chart in BSI compliance report


With the CRISAM® GSTOOL Import, data can be taken over from the BSI GSTOOL into the CRISAM® Risk Management Information System.

The CRISAM® GSTOOL Import provides the following functions:

  • Simple and precise takeover of existing GSTOOL databases.
  • Direct processing of GS-TOOL export-data (.mdb).
  • Use of the extended functionality of CRISAM® regarding business impact analysis, aggregation of risks, cost-benefit analysis, reporting capabilities and much more.

The procedure for the takeover of data is very straightforward:

  1. Export data in GSTOOL.
  2. Create a CRISAM® project file with CRISAM® GSTOOL Import.
  3. Using the CRISAM® project file in CRISAM® Explorer.

Figure 3:  CRISAM® GSTOOL Import

The following data are taken over:

  • Target objects
  • Target object – security needs
  • Target object –
  • supplementary security analysis
  • Target object – notepad
  • Structure of target objects
  • Figure 4:  Modelling comparison GSTOOL / CRISAM®
  • Assignment of modules
  • Implementation of measures
  • Costs of measures
  • Revision of measures
  • Measures – responsible staff
  • Measures – notepad​


The structure of the target objects stays fixed during import. Additionally, the evaluations of the specific modules are displayed in CRISAM®. Alternatively, the structure can be reversed during import. As a result, the modelling corresponds to the standardised CRISAM® display.

Figure 4:  Modelling comparison GSTOOL / CRISAM® 

System requirements

CRISAM® Explorer


Microsoft Access 2010 Runtime 32-Bit oder higher
Microsoft Access 2010 32-Bit oder higher
GSTOOL Version 4.8 Export-Database with BSI Metadata up to supplementary delivery 12